Example 91 with Subject
use of javax.security.auth.Subject in project OpenAM by OpenRock.
the class RemoveApplicationPrivilegeSubjects method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
@Override
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
String realm = getStringOptionValue(IArgument.REALM_NAME);
String name = getStringOptionValue(PARAM_NAME);
String[] params = { realm, name };
Set<SubjectImplementation> newSubjects = getSubjects(rc);
Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
ApplicationPrivilegeManager apm = ApplicationPrivilegeManager.getInstance(realm, userSubject);
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", params);
try {
ApplicationPrivilege appPrivilege = apm.getPrivilege(name);
Set<SubjectImplementation> origSubjects = appPrivilege.getSubjects();
origSubjects.removeAll(newSubjects);
if (origSubjects.isEmpty()) {
throw new CLIException(getResourceString("remove-application-privilege-subjects-emptied-subjects"), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
appPrivilege.setSubject(origSubjects);
apm.replacePrivilege(appPrivilege);
Object[] msgParam = { name };
getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("update-application-privilege-succeeded"), msgParam));
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", params);
} catch (EntitlementException ex) {
String[] paramExs = { realm, name, ex.getMessage() };
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", paramExs);
throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
Also used :
EntitlementException(com.sun.identity.entitlement.EntitlementException)
ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege)
CLIException(com.sun.identity.cli.CLIException)
SubjectImplementation(com.sun.identity.entitlement.SubjectImplementation)
ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager)
Subject(javax.security.auth.Subject)
Example 92 with Subject
use of javax.security.auth.Subject in project OpenAM by OpenRock.
the class SetApplication method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
@Override
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
String realm = getStringOptionValue(IArgument.REALM_NAME);
String appName = getStringOptionValue(PARAM_APPL_NAME);
String datafile = getStringOptionValue(IArgument.DATA_FILE);
List attrValues = rc.getOption(IArgument.ATTRIBUTE_VALUES);
if ((datafile == null) && (attrValues == null)) {
throw new CLIException(getResourceString("missing-attributevalues"), ExitCodes.INCORRECT_OPTION, rc.getSubCommand().getName());
}
Map<String, Set<String>> attributeValues = AttributeValues.parse(getCommandManager(), datafile, attrValues);
String[] params = { realm, appName };
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_SET_APPLICATION", params);
Subject adminSubject = getAdminSubject();
try {
Application appl = ApplicationManager.getApplication(adminSubject, realm, appName);
Object[] param = { appName };
if (appl == null) {
throw new CLIException(MessageFormat.format(getResourceString("set-application-not-found"), param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
setApplicationAttributes(appl, attributeValues, false);
ApplicationManager.saveApplication(getAdminSubject(), realm, appl);
getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("set-application-modified"), param));
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_SET_APPLICATION", params);
} catch (EntitlementException e) {
String[] paramExs = { realm, appName, e.getMessage() };
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_SET_APPLICATION", paramExs);
throw new CLIException(e, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (CLIException e) {
String[] paramExs = { realm, appName, e.getMessage() };
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_SET_APPLICATION", paramExs);
throw e;
}
}
Also used :
EntitlementException(com.sun.identity.entitlement.EntitlementException)
Set(java.util.Set)
CLIException(com.sun.identity.cli.CLIException)
List(java.util.List)
Application(com.sun.identity.entitlement.Application)
Subject(javax.security.auth.Subject)
Example 93 with Subject
use of javax.security.auth.Subject in project OpenAM by OpenRock.
the class RemoveApplicationPrivilegeResources method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
@Override
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
String realm = getStringOptionValue(IArgument.REALM_NAME);
String name = getStringOptionValue(PARAM_NAME);
String[] params = { realm, name };
try {
Map<String, Set<String>> mapAppToResources = getApplicationResourcesMap(rc, realm);
Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
ApplicationPrivilegeManager apm = ApplicationPrivilegeManager.getInstance(realm, userSubject);
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_UPDATE_APPLICATION_PRIVILEGE", params);
ApplicationPrivilege appPrivilege = apm.getPrivilege(name);
Map<String, Set<String>> origAppToResources = getApplicationToResources(appPrivilege);
removeFromMap(origAppToResources, mapAppToResources);
if (origAppToResources.isEmpty()) {
throw new CLIException(getResourceString("remove-application-privilege-resources-emptied-resources"), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
appPrivilege.setApplicationResources(origAppToResources);
apm.replacePrivilege(appPrivilege);
Object[] msgParam = { name };
getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("update-application-privilege-succeeded"), msgParam));
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_UPDATE_APPLICATION_PRIVILEGE", params);
} catch (EntitlementException ex) {
String[] paramExs = { realm, name, ex.getMessage() };
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_UPDATE_APPLICATION_PRIVILEGE", paramExs);
throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
}
Also used :
EntitlementException(com.sun.identity.entitlement.EntitlementException)
Set(java.util.Set)
ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege)
CLIException(com.sun.identity.cli.CLIException)
ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager)
Subject(javax.security.auth.Subject)
Example 94 with Subject
use of javax.security.auth.Subject in project OpenAM by OpenRock.
the class CreateApplicationPrivilege method handleRequest.
/**
* Services a Commandline Request.
*
* @param rc Request Context.
* @throws CLIException if the request cannot serviced.
*/
@Override
public void handleRequest(RequestContext rc) throws CLIException {
super.handleRequest(rc);
String realm = getStringOptionValue(IArgument.REALM_NAME);
String name = getStringOptionValue(PARAM_NAME);
String[] params = { realm, name };
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "ATTEMPT_CREATE_APPLICATION_PRIVILEGE", params);
String description = getStringOptionValue(PARAM_DESCRIPTION);
ApplicationPrivilege.PossibleAction actions = getActions();
Set<SubjectImplementation> subjects = getSubjects(rc);
try {
Map<String, Set<String>> mapAppToResources = getApplicationResourcesMap(rc, realm);
Subject userSubject = SubjectUtils.createSubject(getAdminSSOToken());
ApplicationPrivilegeManager apm = ApplicationPrivilegeManager.getInstance(realm, userSubject);
ApplicationPrivilege appPrivilege = new ApplicationPrivilege(name);
appPrivilege.setDescription(description);
appPrivilege.setActionValues(actions);
appPrivilege.setApplicationResources(mapAppToResources);
appPrivilege.setSubject(subjects);
apm.addPrivilege(appPrivilege);
Object[] msgParam = { name };
getOutputWriter().printlnMessage(MessageFormat.format(getResourceString("create-application-privilege-succeeded"), msgParam));
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "SUCCEEDED_CREATE_APPLICATION_PRIVILEGE", params);
} catch (EntitlementException ex) {
String[] paramExs = { realm, name, ex.getMessage() };
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_CREATE_APPLICATION_PRIVILEGE", paramExs);
throw new CLIException(ex, ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
} catch (CLIException ex) {
String[] paramExs = { realm, name, ex.getMessage() };
writeLog(LogWriter.LOG_ACCESS, Level.INFO, "FAILED_CREATE_APPLICATION_PRIVILEGE", paramExs);
throw ex;
}
}
Also used :
Set(java.util.Set)
ApplicationPrivilegeManager(com.sun.identity.entitlement.ApplicationPrivilegeManager)
Subject(javax.security.auth.Subject)
EntitlementException(com.sun.identity.entitlement.EntitlementException)
ApplicationPrivilege(com.sun.identity.entitlement.ApplicationPrivilege)
CLIException(com.sun.identity.cli.CLIException)
SubjectImplementation(com.sun.identity.entitlement.SubjectImplementation)
Example 95 with Subject
use of javax.security.auth.Subject in project OpenAM by OpenRock.
the class ApplicationPrivilegeBase method getApplicationResourcesMap.
protected Map<String, Set<String>> getApplicationResourcesMap(RequestContext rc, String realm) throws CLIException, EntitlementException {
String appName = getStringOptionValue(PARAM_APPL_NAME);
Subject subject = SubjectUtils.createSubject(getAdminSSOToken());
Application application = ApplicationManager.getApplication(subject, realm, appName);
if (application == null) {
String[] param = { appName };
throw new CLIException(MessageFormat.format(getResourceString("privilege-application-application-invalid"), (Object[]) param), ExitCodes.REQUEST_CANNOT_BE_PROCESSED);
}
Set<String> delResources = new HashSet<String>();
List<String> resources = rc.getOption(PARAM_RESOURCES);
// if resources is not provided, delegate all resources
if ((resources == null) || resources.isEmpty()) {
delResources.addAll(getAllBaseResources(subject, realm, application));
} else {
delResources.addAll(resources);
}
Map<String, Set<String>> map = new HashMap<String, Set<String>>();
map.put(appName, delResources);
return map;
}
Also used :
Set(java.util.Set)
HashSet(java.util.HashSet)
HashMap(java.util.HashMap)
CLIException(com.sun.identity.cli.CLIException)
Application(com.sun.identity.entitlement.Application)
OpenSSOGroupSubject(com.sun.identity.entitlement.opensso.OpenSSOGroupSubject)
Subject(javax.security.auth.Subject)
OpenSSOUserSubject(com.sun.identity.entitlement.opensso.OpenSSOUserSubject)
HashSet(java.util.HashSet)
Aggregations
Subject (javax.security.auth.Subject)669
Test (org.testng.annotations.Test)131
Test (org.junit.Test)122
HashMap (java.util.HashMap)120
Principal (java.security.Principal)114
HashSet (java.util.HashSet)109
Set (java.util.Set)82
EntitlementException (com.sun.identity.entitlement.EntitlementException)64
LoginContext (javax.security.auth.login.LoginContext)62
LoginException (javax.security.auth.login.LoginException)49
ConditionDecision (com.sun.identity.entitlement.ConditionDecision)47
ResourceResponse (org.forgerock.json.resource.ResourceResponse)47
RealmContext (org.forgerock.openam.rest.RealmContext)46
Context (org.forgerock.services.context.Context)41
SSOToken (com.iplanet.sso.SSOToken)40
IOException (java.io.IOException)40
ClientContext (org.forgerock.services.context.ClientContext)40
Map (java.util.Map)38
SSOTokenContext (org.forgerock.openam.rest.resource.SSOTokenContext)38
ResourceException (org.forgerock.json.resource.ResourceException)37
